%-- authentication.jsp (Revize Login Processing)
-----------------------------------------------------------------------------------------------
This page is the JSP forward target of a successful login. It is called from the login page (index.jsp).
This page should only get called if authentication is active and valid user login credentials
have been submitted to Revize.
If authentication is disabled, redirect to the login_complete page.
If the caller is not authenticated, transfer to index.jsp.
If authentication is active...
1. If webSpace is unknown, display list of available webspaces for selection
After selecting one reload this page with webspace name selected in url
(cancel redirects to the login_canceled page)
2. If webSpace known or only one is available, select and set as active webspace
3. If there is not at least one real role, redirect to login page with message
4. If a module is specified, return to login page if user does not have access
If a specific permission is passed (create or update), that permission must be permitted;
if no specific permission is passed, either create or update must be permitted.
5. Redirect to the login_complete page after all the above steps complete successfully
Input Parameters - passed on url
--------------------------------
request Last request submitted by the login page (index.asp). Should
always be "login".
pagetype If supplied, the type of page that called the login page:
"editlist" or "editform"
domain The domain of the current Revize server (used to qualify cookies)
webspace The current webspace name. Login appears to reset the webspace
so this parameters passes the desired webspace name
module If supplied, the module to validate record permissions
recordaccess If supplied, the specific record access to validate
NOTE: This page is called from index.jsp and from itself, so any new parameters must
be added in both places.
Cookies Created
---------------
RZmessage Message indicating permission problems is stored in this Cookie
for display when rerouting to login page.
RZlogin Contains the webSpace name after a successful login. The code below also
sets RZusername, RZhashedusername, RZroles and RZpermits (all path "/"), and
reads RZtrace: when it is "ON", the accumulated trace log is appended to the
redirect URL fragment.
-----------------------------------------------------------------------------------------------
--%>
<%@ page language="java" %>
<%@ page import="javax.security.auth.*, javax.servlet.http.*, java.security.*,
revize.security.*, revize.security.permission.*, java.util.*, java.text.*"%>
<%@ page import="revize.store.*, idetix.security.UserContext,idetix.security.* "%>
<%@ page import="revize.servlet.*, revize.request.*, revize.data.*, revize.*"%>
<%@ page import="revize.RevizeConstants"%>
<%@ include file = "/util/cacheControl.jsp" %>
<%@ page import="revize.db.*,revize.db.sql.*,revize.security.principal.*,idetix.util.StringUtils" %>
<%@ page import="java.sql.*,javax.security.auth.*" %>
<%@include file = "/util/setup_editlist_header.jsp"%>
<%-----returns isAuthenticated=true or false (Store initialized if true)-----%>
<%@ include file = "/security/isAuthenticated.jsp" %><%
// Base URL of the "revize" channel; looked up in the database just before the final redirect.
String revize_channel_url = "";
// Trace mode is switched on by a client-side cookie (RZtrace=ON). While it is on, the
// accumulated revize_log is later appended to the redirect URL fragment, so everything
// logged on this page becomes visible to whoever holds that cookie.
boolean isTrace = rz.getcookie("RZtrace").equals("ON");

//----- URL parameters. All of these are attacker-controllable request input. Absent values
//      are normalised to "" so the string comparisons below never see null; "filename" is
//      the one exception and stays null when absent, which the final redirect logic relies on.
boolean test = (request.getParameter("test") != null);   // any value at all enables test mode

String paramModule = request.getParameter("module");
String moduleName = (paramModule == null) ? "" : paramModule;

String paramPagetype = request.getParameter("pagetype");
String pagetype = (paramPagetype == null) ? "" : paramPagetype;

String paramRecordAccess = request.getParameter("recordaccess");
String recordAccess = (paramRecordAccess == null) ? "" : paramRecordAccess;

String paramWebSpace = request.getParameter("webspace");
String webSpaceName = (paramWebSpace == null) ? "" : paramWebSpace;
String webSpaceDesc = "";   // kept for the webspace-selection markup that follows

String paramDomain = request.getParameter("domain");
String domain = (paramDomain == null) ? "" : paramDomain;

String filename = request.getParameter("filename");   // may be null

// Filled in with the SHA-256 of webspace+username once login completes.
String hashed_username = "N/A";
//********** authentication NOT active **********
// this page should not be called in this case
// The branch body is template content that is not part of this listing (the header
// says it redirects to login_complete). Whatever it contains must end the request,
// because nothing below re-checks this condition.
if (!RevizeProperties.isAuthenticationActive() )
{
%>
<%
}
//************ Authentication Active ************
//----- If not authenticated redirect to login
// isAuthenticated comes from the included /security/isAuthenticated.jsp. As above, the
// redirect itself is template content not shown here. If it does not terminate the
// request (a jsp:forward typically does; a plain redirect or meta-refresh does not),
// execution continues into the webspace lookup and the session update below with an
// unauthenticated caller -- confirm.
if (!isAuthenticated)
{
%>
<%
}
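//----- Get list of all webSpaces user can access
WebSpace webSpace = null;
SortedSet webSpaces = null;
List webSpaceList = new LinkedList();
if(webSpaceName.equals(""))
{
    // No webspace requested: start from everything readWebSpaces() returns
    // (the page header describes this as the set the user can access).
    webSpaces = new TreeSet( revize_store.readWebSpaces() );
    revize_log += "@@webspace not specified; " + webSpaces.size() + " available";
}
else
{
    // A specific webspace was requested on the URL (untrusted input). Look it up by
    // name and, if it exists, make it the only candidate. An unknown name used to put
    // null into the TreeSet and fail with a NullPointerException; now the candidate set
    // is simply left empty, so the "not authorized for this webspace" path below
    // handles it with the normal message/redirect.
    // NOTE(review): this path never consults readWebSpaces(), so unless readWebSpace()
    // itself enforces access, the later membership check only proves that the webspace
    // exists, not that this user may use it -- confirm.
    webSpace = revize_store.readWebSpace(webSpaceName);
    if ( webSpace != null )
    {
        webSpaceList.add(webSpace);
    }
    else
    {
        revize_log += "@@requested webspace not found";
    }
    webSpaces = new TreeSet(webSpaceList);
}
Iterator itr = webSpaces.iterator();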
//----- If no webspace specified (or the placeholder "REVIZE" was given) but exactly one
//      candidate exists, select it and continue without showing the selection list.
if ( (webSpaceName.equals("REVIZE") || webSpaceName.equals("")) && webSpaces.size() == 1 )
{
    // Consume the single candidate and make it the active webspace.
    webSpace = (WebSpace)itr.next();
    webSpaceName = webSpace.getLabel();
    revize_webspace = webSpaceName;

    // Re-read credential / roles / username for the webspace just chosen. This is the
    // only place on this page where revize_roles is refreshed; on the named-webspace
    // path it keeps whatever the included security pages established.
    java.util.Map roleInfo = com.revize.vh.SecurityVH.revize_getRoles(revize_webspace, revize_subject);
    revize_credential = (revize.security.Credential)roleInfo.get("revize_credential");
    revize_roles = (String)roleInfo.get("revize_roles");
    revize_username = (String)roleInfo.get("revize_username");
    if (revize_roles == null) revize_roles = "";   // later code compares it with ""
}
//----- If test mode or no webspace selected, display list
// Reached when the caller passed ?test, or no usable webspace was resolved above. Only
// the selection markup is emitted: nothing is stored in the session and no login
// cookies are written, so the user must come back with ?webspace=... set. "test" is a
// plain request parameter, so any caller can force this branch.
if (test || webSpaceName.equals("REVIZE") || webSpaceName.equals("") )
{
/***** ___________________________________________________
| |
| Note the following html is only used when a |
| webspace must be selected. |
|___________________________________________________|
*****/
%>
Webspaces
<%
/***** ___________________________________________________
| |
| End of all html for selecting a webspace |
| |
| Code below executes after webspace known |
| |
| If webspace must be selected, this page |
| reloads with the specified webspace and |
| then this code is executed. |
|___________________________________________________|
*****/
//----- Web space was specified or determined
// Determine if user permitted in webspace
}else
{
boolean hasRole = true;        // unused
boolean hasPermission = true;  // unused
String message = "";   // non-empty means authorization failed; becomes the RZmessage cookie
String permits = "";   // permission summary from revize_getPermits(); becomes the RZpermits cookie
//----- Check if user permitted in selected webspace
// NOTE(review): "webSpaces" is either readWebSpaces() (no name given) or the single
// entry returned by readWebSpace(webSpaceName). In the latter case this loop only
// proves that a webspace with the requested label exists; it is an access check only
// if readWebSpace() itself filters by the caller -- confirm.
//if(webSpace == null)
message = "User not authorized for this webspace";
itr = webSpaces.iterator(); //reset to first
while ( itr.hasNext() )
{
webSpace = (WebSpace)itr.next();
if ( webSpaceName.equals(webSpace.getLabel()) )
{
message = "";
break;
}
}
if ( !message.equals("") )
{
isAuthenticated = false;
//----- User authorized for selected webspace
}else
{
//----- Set webspace
// Side effect: the webspace is bound to the session here, before the role/module
// checks below run; a failure there only sets isAuthenticated=false.
SessionAccess.setWebSpaceName( request, webSpaceName );
//----- Check permissions, if authentication active
// Role and module permission checks run only at security level "full". At any other
// level the user continues with an empty permits string -- presumably intended, confirm.
if ( revize_securitylevel.equals("full") )
{
//----- Get permission for specified module(s) and save in RZpermits cookie.
//permits = revize_getPermits(webSpaceName,rz);
java.util.Map results = com.revize.vh.SecurityVH.revize_getPermits(webSpaceName, rz, revize_subject, revize_roles, revize_superuser);
Boolean revize_access_obj = (Boolean)results.get("revize_access");
revize_access = false;
if(revize_access_obj != null){
revize_access=revize_access_obj.booleanValue();
}
revize_log +=(String)results.get("revize_log");
revize_exception = (Exception)results.get("revize_exception");
revize_exception_trace = (String)results.get("revize_exception_trace");
permits = (String)results.get("allPermits");
// A failure inside revize_getPermits() is rethrown with the stack-trace text as the
// exception message; whatever error page the container renders will expose it.
if (revize_exception != null)
throw new Exception(revize_exception_trace);
// Everything appended to revize_log ends up in the redirect URL when RZtrace=ON.
revize_log += "@@permits=" + permits;
revize_log += "@@@@roles=" + revize_roles;
revize_log += "@@accessible roles=" + revize_subject.getPrincipals().size() +" webspaces="+ webSpaces.size();
//----- Make sure user has at least one non-default role
// (there is one default role for each webspace)
// revize_roles is only guaranteed non-null on the single-webspace auto-select path
// above; on the named-webspace path it comes from the included security pages -- confirm
// it is non-null there and that it was computed for the webspace selected here.
//System.out.println( "roles=" + revize_subject.getPrincipals().size() +" webspaces="+ webSpaces.size() );
//if ( revize_subject.getPrincipals().size() <= webSpaces.size() )
if ( revize_roles.equals(""))
{
isAuthenticated = false;
// The literal below appears split across lines because markup was stripped from this
// listing; the message is shown on the login page via the RZmessage cookie.
message = "User has no roles and therefore no edit permissions"
+ "
Check with your Web Site Administrator";
}
//----- Make sure logged in user has permissions if module specified
else if ( !moduleName.equals("") )
{
//specific edit action specified
// recordAccess is restricted to "create"/"update" here, which also keeps arbitrary
// request text out of the message cookie.
if (recordAccess.equals("create") || recordAccess.equals("update") )
{
revize_permission = new RecordPermission( webSpaceName, moduleName , recordAccess );
message = "User not authorized to " + recordAccess + " records on this page";
}
else //edit action not specified - check for either create or update
{
// Try "create" first; if the subject does not hold it, fall back to testing "update".
revize_permission = new RecordPermission( webSpaceName, moduleName , "create" );
if( !SecurityUtils.hasValidPermissions(revize_subject, revize_permission) )
revize_permission = new RecordPermission( webSpaceName, moduleName , "update" );
message = "User not authorized to update existing content "
+ "or create new records on this page";
}
//----- check permissions: tests whichever RecordPermission was assigned last above
// (the explicit create/update, or the create->update fallback).
if( !SecurityUtils.hasValidPermissions(revize_subject, revize_permission) )
isAuthenticated = false; //indicates no authentication
else
message = "";
}
//----- Make sure logged in user has permission to at least one module
else if ( !revize_access )
{
isAuthenticated = false;
// Same stripped-markup split as the message above.
message = "User does not have access to any database content modules"
+ "
Check with your Web Site Administrator";
}
}
}
//----- If exception print, otherwise continue...
// NOTE(review): the exception is rendered into the page by an expression tag with no
// HTML escaping. If its message can ever echo request data this is a reflected-XSS
// sink; at minimum it discloses internals to the client. (Under "full" security the
// throw above fires first, so this branch only sees an exception set by the includes.)
if ( revize_exception != null )
{
%>
Revize Error!
occured on: authentication.jsp
Error Details:
<%=revize_exception%>
<%
}else
{
//----- Redirect to login page (index.asp) if no permissions
// NOTE(review): nothing here ends the request. On the trace path sendRedirect()
// commits the response and execution continues into the cookie writes and the second
// sendRedirect() at the bottom, which throws IllegalStateException on a committed
// response. The non-trace branch body is template content not shown in this listing;
// unless it forwards (which returns), the same fall-through happens there. An explicit
// `return;` after the redirect would close this off.
if (!isAuthenticated)
{
// The failure message is handed to the login page through a cookie.
Cookie messageCookie = new Cookie("RZmessage", message);
messageCookie.setPath("/");
response.addCookie( messageCookie );
if (isTrace)
response.sendRedirect("login_complete.html#"+revize_log);
else
{
%>
<%
}
}
//----- Save login information and return to appropriate page via login_complete
// All cookies below are path "/" with no HttpOnly/Secure flags, and "domain" is copied
// verbatim from the request into each value. RZroles/RZpermits place authorization data
// on the client; nothing server-side may treat them as authoritative.
Cookie cookie = new Cookie("RZlogin", webSpaceName + "#" + domain);
cookie.setPath("/");
response.addCookie(cookie);
cookie = new Cookie("RZusername", revize_username + "#" + domain);
cookie.setPath("/");
response.addCookie(cookie);
// Hash username
// SHA-256 over webspace+username is a stable identifier, not a secret: there is no
// salt and both inputs are already sent in clear in the cookies above. getBytes() uses
// the platform default charset, so the digest is not portable across JVM configurations.
String tempUsername = webSpaceName + revize_username;
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
byte[] strBytes = tempUsername.getBytes();
byte[] strHash = sha256.digest(strBytes);
StringBuffer sb = new StringBuffer();
for(int i=0; i < strHash.length ;i++) {
sb.append(Integer.toString((strHash[i] & 0xff) + 0x100, 16).substring(1));
}
hashed_username = sb.toString();
cookie = new Cookie("RZhashedusername", hashed_username + "#" + domain);
cookie.setPath("/");
response.addCookie(cookie);
//----- Code to set the cookie of roles of current user (MF:Pooja)
cookie = new Cookie("RZroles", revize_roles);
cookie.setPath("/");
response.addCookie(cookie);
cookie = new Cookie("RZpermits", permits);
cookie.setPath("/");
response.addCookie(cookie);
//Derive the revize channel url
// Finds the channel labelled "revize" (or whose description mentions "Revize Server")
// and uses its base URL as the post-login landing page. The target comes from the
// database, not from the request.
Connection con=null;
try
{
con = ConnectionPool.getInstance().getConnection(webSpaceName);
List channels = ChannelSQL.getInstance().readChannels(con);
Iterator channel_itr = channels.iterator();
while(channel_itr.hasNext())
{
ChannelImpl c = (ChannelImpl)channel_itr.next();
//revize_log += "@@revize channel url = " + revize_channel_url;
if(c.getLabel().equals("revize") || c.getDescription().indexOf("Revize Server") != -1)
{
revize_channel_url = c.getBaseUrl();
break;
}
}
}
catch(Exception e)
{
// Best-effort: a lookup failure just leaves revize_channel_url empty.
e.printStackTrace();
}
finally
{
// If getConnection() threw, con is still null here -- confirm replaceConnection()
// tolerates a null argument.
ConnectionPool.getInstance().replaceConnection(con);
}
revize_log += "@@filename = " + filename;
revize_log += "@@revize_channel_url = " + revize_channel_url;
// trace info requested
// The whole trace log (roles, permits, the filename parameter, ...) goes into the URL
// fragment; it is not sent back to the server but does land in browser history.
if (isTrace)
response.sendRedirect("login_complete.html#"+revize_log);
// return to home page on revize server (probably called by entering url)
else if(!pagetype.equals("editform") && (filename == null || filename.equals("")) && !revize_channel_url.equals(""))
response.sendRedirect(revize_channel_url);
// called from editform or filename specified
else
response.sendRedirect("login_complete.html");
}
}
%>